chore: refresh docs and workflows

.github/copilot-instructions.md

@@ -0,0 +1,46 @@
+# Copilot Instructions for `goark/fetch`
+
+## Project purpose
+
+`fetch` is a small package focused on downloading data from URL endpoints.
+The package should hide common `net/http` idioms and keep calling code simple.
+
+## Design principles
+
+- Prefer explicit, small APIs over feature-rich abstractions.
+- Keep `context.Context` based methods as the default path.
+- Favor composable option functions (`ClientOpts`, `RequestOpts`).
+- Preserve compatibility when possible; avoid breaking public symbols.
+
+## Error handling
+
+- Use `github.com/goark/errs` as the primary internal error handling package.
+- Prefer `errs.Wrap`, `errs.Join`, and `errs.WithContext` over ad-hoc wrapping patterns.
+- Keep `errors.Is` compatibility when returning wrapped errors.
+- Return wrapped errors so callers can use `errors.Is`.
+- Keep sentinel errors stable (`ErrInvalidURL`, `ErrInvalidRequest`, `ErrHTTPStatus`, `ErrNullPointer`).
+- Include useful context values when wrapping errors.
+
+## HTTP behavior
+
+- Continue to use `net/http` as the base implementation.
+- Ensure response body cleanup remains safe and predictable.
+- Keep behavior for non-success HTTP status explicit and documented.
+
+## Coding style
+
+- Write idiomatic Go and keep implementation straightforward.
+- Avoid unnecessary dependencies.
+- Keep comments concise and in English.
+
+## Testing and validation
+
+- Add or update tests for behavior changes.
+- Prefer local validation with Taskfile targets:
+  - `task test`
+  - `task govulncheck`
+
+## Documentation
+
+- Keep `README.md` in sync with public API changes.
+- Include practical examples for GET/POST and error handling.

.github/workflows/ci.yml

@@ -0,0 +1,44 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  test-and-lint:
+    name: lint and test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache-dependency-path: go.sum
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest
+          args: --enable gosec
+
+      - name: Test module
+        run: go test -shuffle on ./...
+
+  govulncheck:
+    name: govulncheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Run govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: go.mod
+          go-package: ./...
+          repo-checkout: false

.github/workflows/codeql.yml

@@ -0,0 +1,35 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: "0 20 * * 0"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: go
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3